Add support for MCP scopes & tool permissions (#1266)

* Add scopes as part of the prisma schema

* Add MCP OAuth scope discovery and selection

* Refactor MCP scopes into configurable entries

* Refactor MCP server tool data table

* Add MCP server tool permissions

* Cache MCP tool definitions in Redis

* Auto-save MCP tool permission changes

* Avoid expensive tool fetch after updating tool permissions. Just update react query cache instead

* deduplicate some code for cleanliness

* Squash prisma migrations. Update redis cache for mcp tools to be per user, 1h time out

* update prisma migrations

* Update mcpScope to be referred to as mcpOAuthScope across the codebase

* Add documentation for scopes and permissions

* Update docs to say Ask Sourcebot

---------

Co-authored-by: Jack Minnetian <270441393+BlueBottleLatte@users.noreply.github.com>

Author: jsourcebot

docs/docs/features/ask/connectors.mdx

@@ -32,7 +32,7 @@ If Ask Sourcebot needs to use a tool that requires approval, it pauses and asks
 An owner must add a connector before organization members can use it.
 
 To add a connector:
-1. **Settings → Workspace → Ask Agent** 
+1. **Settings → Workspace → Ask Sourcebot** 
 2. Click **Add connector**. 
 3. Enter the MCP server URL and the name the organization will see for this server.
 
@@ -50,9 +50,68 @@ then enter the OAuth client ID and client secret in Sourcebot.
   </Frame>
 </div>
 
+## OAuth Scopes
+
+Owners can configure which OAuth scopes users authorize when connecting to a connector.
+
+Sourcebot checks the connector for discoverable scopes and shows them as options. You can also add custom scopes.
+
+<div className="max-w-sm mx-auto">
+  <Frame>
+    <img
+      src="/images/connectors_oauth_scopes.png"
+      alt="OAuth scopes discovery"
+    />
+  </Frame>
+</div>
+
+Owners can change connector scopes at any time from **Settings → Workspace → Ask Sourcebot** and select **Edit OAuth scopes**.
+
+<div className="max-w-xl mx-auto">
+  <Frame>
+    <img
+      src="/images/connectors_edit_scopes.png"
+      alt="OAuth scopes editing"
+    />
+  </Frame>
+</div>
+
+<Warning>
+Changing connector scopes requires all users to re-authenticate with that connector.
+</Warning>
+
+## Tool Permissions
+
+Owners can configure how Ask Sourcebot may use each tool exposed by a connector. Changes take effect immediately and do not require users to re-authenticate.
+
+To edit tool permissions, open the connector menu from **Settings → Workspace → Ask Sourcebot** and select **Edit tool permissions**.
+
+<div className="max-w-xl mx-auto">
+  <Frame>
+    <img
+      src="/images/connectors_edit_tool_permissions.png"
+      alt="Tools editing"
+    />
+  </Frame>
+</div>
+
+Each tool can be **Allowed**, require **Needs Approval**, or be **Blocked**. Allowed tools can run without pausing the chat, tools that need approval ask the user before running, and blocked tools are not available to Ask Sourcebot.
+
+Sourcebot groups tools by the hints reported by the connector. Tools with a read-only hint are grouped separately and tools without that hint are treated as write/delete tools.
+
+<div className="max-w-lg mx-auto">
+  <Frame>
+    <img
+      src="/images/connectors_tool_permissions.png"
+      alt="Tool permissions view"
+    />
+  </Frame>
+</div>
+
+
 ## Connecting
 
-After an owner adds connectors for your organization, go to **Settings → Account → Ask Agent** to connect them.
+After an owner adds connectors for your organization, go to **Settings → Account → Ask Sourcebot** to connect them.
 
 You can see all available connectors on this page. After you connect one, you can inspect the tools it provides and what each tool does.
 

docs/images/connectors_edit_scopes.png

@@ -1,50 +1,3 @@
-import { env } from "@sourcebot/shared";
-import { Redis } from 'ioredis';
-import fs from "fs";
+import { createRedisClient } from "@sourcebot/shared";
 
-const buildTlsOptions = (): Record<string, unknown> => {
-    if (env.REDIS_TLS_ENABLED !== "true" && !env.REDIS_URL.startsWith("rediss://")) {
-        return {};
-    }
-
-    return {
-        tls: {
-            ca: env.REDIS_TLS_CA_PATH
-                ? fs.readFileSync(env.REDIS_TLS_CA_PATH)
-                : undefined,
-            cert: env.REDIS_TLS_CERT_PATH
-                ? fs.readFileSync(env.REDIS_TLS_CERT_PATH)
-                : undefined,
-            key: env.REDIS_TLS_KEY_PATH
-                ? fs.readFileSync(env.REDIS_TLS_KEY_PATH)
-                : undefined,
-            ...(env.REDIS_TLS_REJECT_UNAUTHORIZED
-                ? { rejectUnauthorized: env.REDIS_TLS_REJECT_UNAUTHORIZED === 'true' }
-                : {}),
-            ...(env.REDIS_TLS_SERVERNAME
-                ? { servername: env.REDIS_TLS_SERVERNAME }
-                : {}),
-            ...(env.REDIS_TLS_CHECK_SERVER_IDENTITY === "false"
-                ? { checkServerIdentity: () => undefined }
-                : {}),
-            ...(env.REDIS_TLS_SECURE_PROTOCOL
-                ? { secureProtocol: env.REDIS_TLS_SECURE_PROTOCOL }
-                : {}),
-            ...(env.REDIS_TLS_CIPHERS ? { ciphers: env.REDIS_TLS_CIPHERS } : {}),
-            ...(env.REDIS_TLS_HONOR_CIPHER_ORDER
-                ? {
-                    honorCipherOrder: env.REDIS_TLS_HONOR_CIPHER_ORDER === "true",
-                }
-                : {}),
-            ...(env.REDIS_TLS_KEY_PASSPHRASE
-                ? { passphrase: env.REDIS_TLS_KEY_PASSPHRASE }
-                : {}),
-        },
-    };
-};
-
-
-export const redis = new Redis(env.REDIS_URL, {
-    maxRetriesPerRequest: null,
-    ...buildTlsOptions(),
-});
+export const redis = createRedisClient();

docs/images/connectors_edit_tool_permissions.png

@@ -1,6 +1,9 @@
 -- CreateEnum
 CREATE TYPE "McpServerClientInfoSource" AS ENUM ('DYNAMIC', 'STATIC');
 
+-- CreateEnum
+CREATE TYPE "McpServerToolPermission" AS ENUM ('ALLOWED', 'NEEDS_APPROVAL', 'DISABLED');
+
 -- CreateTable
 CREATE TABLE "McpServer" (
     "id" TEXT NOT NULL,
@@ -17,14 +20,26 @@ CREATE TABLE "McpServer" (
 );
 
 -- CreateTable
-CREATE TABLE "McpServerToolCallCount" (
+CREATE TABLE "McpServerOAuthScope" (
+    "mcpServerId" TEXT NOT NULL,
+    "scope" TEXT NOT NULL,
+    "enabled" BOOLEAN NOT NULL DEFAULT false,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "McpServerOAuthScope_pkey" PRIMARY KEY ("mcpServerId","scope")
+);
+
+-- CreateTable
+CREATE TABLE "McpServerTool" (
     "mcpServerId" TEXT NOT NULL,
     "toolName" TEXT NOT NULL,
-    "count" INTEGER NOT NULL DEFAULT 0,
+    "callCount" INTEGER NOT NULL DEFAULT 0,
+    "permission" "McpServerToolPermission" NOT NULL DEFAULT 'NEEDS_APPROVAL',
     "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
     "updatedAt" TIMESTAMP(3) NOT NULL,
 
-    CONSTRAINT "McpServerToolCallCount_pkey" PRIMARY KEY ("mcpServerId","toolName")
+    CONSTRAINT "McpServerTool_pkey" PRIMARY KEY ("mcpServerId","toolName")
 );
 
 -- CreateTable
@@ -57,7 +72,10 @@ CREATE INDEX "UserMcpServer_state_idx" ON "UserMcpServer"("state");
 ALTER TABLE "McpServer" ADD CONSTRAINT "McpServer_orgId_fkey" FOREIGN KEY ("orgId") REFERENCES "Org"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 
 -- AddForeignKey
-ALTER TABLE "McpServerToolCallCount" ADD CONSTRAINT "McpServerToolCallCount_mcpServerId_fkey" FOREIGN KEY ("mcpServerId") REFERENCES "McpServer"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE "McpServerOAuthScope" ADD CONSTRAINT "McpServerOAuthScope_mcpServerId_fkey" FOREIGN KEY ("mcpServerId") REFERENCES "McpServer"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "McpServerTool" ADD CONSTRAINT "McpServerTool_mcpServerId_fkey" FOREIGN KEY ("mcpServerId") REFERENCES "McpServer"("id") ON DELETE CASCADE ON UPDATE CASCADE;
 
 -- AddForeignKey
 ALTER TABLE "UserMcpServer" ADD CONSTRAINT "UserMcpServer_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE CASCADE ON UPDATE CASCADE;

docs/images/connectors_oauth_scopes.png

@@ -347,6 +347,12 @@ enum McpServerClientInfoSource {
   STATIC
 }
 
+enum McpServerToolPermission {
+  ALLOWED
+  NEEDS_APPROVAL
+  DISABLED
+}
+
 model UserToOrg {
   joinedAt DateTime @default(now())
 
@@ -684,7 +690,8 @@ model McpServer {
   orgId Int
 
   userMcpServers  UserMcpServer[]
-  toolCallCounts  McpServerToolCallCount[]
+  tools           McpServerTool[]
+  oauthScopes     McpServerOAuthScope[]
 
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt
@@ -693,12 +700,26 @@ model McpServer {
   @@unique([orgId, sanitizedName])
 }
 
-/// Lifetime tool call counters for an MCP server.
-model McpServerToolCallCount {
+/// OAuth scope configuration for an MCP server.
+model McpServerOAuthScope {
+  mcpServer   McpServer @relation(fields: [mcpServerId], references: [id], onDelete: Cascade)
+  mcpServerId String
+  scope       String
+  enabled     Boolean   @default(false)
+
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  @@id([mcpServerId, scope])
+}
+
+/// Tool metadata for an MCP server.
+model McpServerTool {
   mcpServer   McpServer @relation(fields: [mcpServerId], references: [id], onDelete: Cascade)
   mcpServerId String
   toolName    String
-  count       Int       @default(0)
+  callCount   Int                     @default(0)
+  permission  McpServerToolPermission @default(NEEDS_APPROVAL)
 
   createdAt DateTime @default(now())
   updatedAt DateTime @updatedAt

docs/images/connectors_tool_permissions.png

@@ -18,6 +18,7 @@
         "@sourcebot/schemas": "workspace:*",
         "@t3-oss/env-core": "^0.13.10",
         "ajv": "^8.17.1",
+        "ioredis": "^5.4.2",
         "micromatch": "^4.0.8",
         "strip-json-comments": "^5.0.1",
         "triple-beam": "^1.4.1",

packages/backend/src/redis.ts

@@ -65,6 +65,9 @@ export {
 export {
     getSMTPConnectionURL,
 } from "./smtp.js";
+export {
+    createRedisClient,
+} from "./redis.js";
 export {
     SOURCEBOT_VERSION,
 } from "./version.js";
@@ -73,4 +76,4 @@ export {
     formatVersion,
     compareVersions,
 } from "./versionUtils.js";
-export type { Version } from "./versionUtils.js";
+export type { Version } from "./versionUtils.js";